Https vs subdomains (SSL Certificates)

I recently acquired my first encrypted website. Following some advice I received from the SitePoint forums, I added a rule to my .htaccess file to make all my pages default to https, so that anyone following a link to http/my article would be redirected to https/myarticle.

It works great, but I just ran into a weird problem when I created a subdomain. I didn’t realize that subdomains of encrypted sites apparently aren’t https themselves. So when my .htaccess file redirects a subdomain URL to https, it’s directing it to a URL that doesn’t exist.

My webhost fixed the problem by putting a .htaccess file in my subdomain folder with a simple rule that overrides the https default. So my subdomain now defaults to http.

It works fine for me, but I just wondered if it would be better to have my subdomains encrypted along with the main site. It just seems strange to have an encrypted site with unencrypted subdomains. I’m using this particular subdomain to host a WordPress blog, by the way.

This is what my webhost told me:

The only way a subdomain would redirect is if the directory above the subdomain has rewrite rules that trickle down to said subdomain’s directory. So, in your situation, the .htaccess in your public_html had rules that redirected your subdomains to https. Because those subdomains didn’t have a SSL installed, the redirect tossed the subdomains to the first ssl vhost in the apache configuration.

In order to counter the .htaccess rules, I disabled the redirection within each of the subdomains’ main directories, which corrected the issue for you. If you need these subdomains to resolve to https://, you might want to look into a wildcard SSL to cover the main domain, hostname, and other subdomains atgeobop.com. Let me know your thoughts on what I’ve said, and if you have any questions- do not hesitate to ask.

So I did a little research on wildcard SSL’s and see I have more homework ahead of me. It sounds like I would have to purchase a SSL.

To cut to the chase, can anyone tell me, first of all, if there are any specific reasons to encrypt or not encrypt subdomains of an encrypted site?

If encrypting them is a good idea, how much do wildcard SSL’s generally cost (roughly)?

Thanks.

I haven’t looked into it at all, but there has been buzz over at meta.discourse.org about
https://letsencrypt.org

Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.

For that price I think it would be worth your time to check and see if it might suit your needs.

Thanks.

+1 the recommendation for LetsEncrypt.

Also, FYI, they don’t support wildcards last time I checked (it may have changed though) but they do allow you to specify subdomains in advance of acquiring the certificate, and have them included in it. That would mean if you add another new one later you’d need to reacquire it, so, depends on how often you add new subdomains whether that’s practical.

Unless my info is outdated, that’s just what I remember from… earlier this year, ish, when I was researching it.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.